Netzgemeinde Hubzilla
Anmelden
Registrieren
Netzgemeinde Hubzilla
Anmelden
Registrieren
System Apps
Fehler melden
Hilfe
QRator
Sprache
Suche
Verzeichnis
Zufälliger Kanal
Setting up a secure blog (or any kind of website) using hugo, certbot, haproxy, and crowdsec
Thu, 25 Jul 2024 02:26:43 +0200
zuletzt bearbeitet: Thu, 25 Jul 2024 02:27:06 +0200
Profil ansehen
h0bbl3s
via
Linux
h0bbl3s@lemmy.world
This is my first post on my new site, I hope someone finds it helpful!
Link zur Quelle
60
60 Gefällt mir
SmoochyPit
TTH4P
jbrains
bsergay
Telorand
totally_notAcat (she/her)
nnullzz
pipe01
adhocfungus
wildbus8979
Dotdev
ℛ𝒶𝓋ℯ𝓃
Uncurious3512
Irdial
hydroxycotton
federino
Libertus
jodawznev
Kandy4me
Zachariah
Stalins_Spoon
rdschouw
SingularEye
Solar Bear
Acceus
SmokeInFog
Squibbles
Vedanth01
lamermann
stiephelando
root
Steven Saus
slazer2au
Strit
Zloubida
Jolan
negi
Lucy :3
Someonelol
far_university190
Rozaŭtuno
doodleon
ArcticDagger
Daniel Phan
theshatterstone54
Wappen
FrostyCaveman
rjb
Tramort
Tanka
Strawberry
OWO_I_OWO
b8sell
harrys_balzac
lemonuri
gamesiati
linucs
milo
MazonnaCara89
mvirts
1
Linux
mehr anzeigen
11 comments
Thu, 25 Jul 2024 05:28:13 +0200
Profil ansehen
matcha_addict
matcha_addict@lemy.lol
Is it just as secure doing this (with crowdsec) vs hosting on a rented server from a cloud provider?
Link zur Quelle
1
FrostyCaveman
Thu, 25 Jul 2024 05:44:35 +0200
Profil ansehen
Alexander Goeres
jabgoe2089@hub.netzgemeinde.eu
first thing is to install snapd an a perfectly fine debian 12???
Link zur Quelle
16
16 Gefällt mir
SingularEye
Shifty
Zloubida
something_random_tho
Lucy :3
delirious_owl
keisatsu
dingdongitsabear
0_0
Daniel Phan
kif
FrostyCaveman
mostlikelyaperson
rutrum
jan75
reddeadhead
Thu, 25 Jul 2024 05:49:50 +0200
Profil ansehen
h0bbl3s
h0bbl3s@lemmy.world
My site is on a rented server at digital ocean. Some providers do more or less to protect you themselves though. I don’t think digital ocean does much monitoring or protecting, I’ve had servers on there compromised in the past that would have been caught by my current setup. It can’t hurt in any case.
I also run crowdsec on my home setup but I don’t have any open ports at home and never get alerts. I had suricata running and plugged into crowdsec as well so it would handle blocking for both, but suricata never got to get any action with crowdsec blocking malicious activity, so I disabled it to save resources.
Link zur Quelle
2
FrostyCaveman
Fonzie!
Thu, 25 Jul 2024 05:51:42 +0200
zuletzt bearbeitet: Thu, 25 Jul 2024 06:16:37 +0200
Profil ansehen
h0bbl3s
h0bbl3s@lemmy.world
I know I know. If you wanna install certbot another way feel free. Share it with me I’m sure it’ll take up less space. I only did it that way because it’s the certbot official©®™ instructions. That and I had issues with the other method I tried.
Link zur Quelle
3
Zloubida
Daniel Phan
reddeadhead
Thu, 25 Jul 2024 06:53:01 +0200
Profil ansehen
nerdovic
nerdovic@discuss.tchncs.de
I like docker and traefik, traefik has let’s encrypt built-in.
Link zur Quelle
3
krash
Strit
Fonzie!
Thu, 25 Jul 2024 06:58:47 +0200
Profil ansehen
h0bbl3s
h0bbl3s@lemmy.world
I’ve got plenty of experience with docker and I’ve heard of traefik but never used it. Thanks, I’m gonna look into it.
Link zur Quelle
1
Fonzie!
Thu, 25 Jul 2024 08:44:47 +0200
Profil ansehen
exu
exu@feditown.com
I can really recommend acme.sh if you wanted to try a certbot alternative.
Link zur Quelle
5
Zloubida
kif
mikaljo
OWO_I_OWO
Fonzie!
Thu, 25 Jul 2024 09:21:17 +0200
Profil ansehen
keisatsu
keisatsu@infosec.pub
apt install python3-certbot :)
Link zur Quelle
4
kif
Cozog
Fonzie!
static
Thu, 25 Jul 2024 09:46:46 +0200
Profil ansehen
lemmyvore
lemmyvore@feddit.nl
Or a docker image with Nginx Proxy Manager. You get a working reverse proxy, an automatically renewing certbot, easy to use UI, plus a working nginx install that you can use for serving static files, forward proxy etc.
Link zur Quelle
1
Fonzie!
Thu, 25 Jul 2024 10:26:41 +0200
Profil ansehen
FrostyCaveman
FrostyCaveman@lemm.ee
Thanks for sharing! TIL about crowdsec
Link zur Quelle
2
univers3man
Fonzie!
Thu, 25 Jul 2024 12:02:03 +0200
Profil ansehen
mostlikelyaperson
mostlikelyaperson@lemmy.world
Another thing you could check out is Caddy, comes with a lot of stuff onboard and has an optional crowdsec module (though I should point out that I never used that module myself so I can’t make guarantees how well it works)
caddyserver.com
Link zur Quelle
2
reddeadhead
fubarx
Konversationsmerkmale
Lädt...
Konversationsmerkmale
Lädt...
Anmelden
E-Mail oder Kennung
Kennwort
Angaben speichern
Anmelden
Registrieren
Zurücksetzen des Kennworts
Entfernte Authentifizierung